A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

Log4j2 RCE Passive Scanner plugin for BurpSuite

log4jScanner provides the ability to scan internal subnets for vulnerable log4j web services

A fully automated, reliable, super-fast, scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.

Simple local scanner for vulnerable log4j instances

Remote command execution vulnerability scanner for Log4j.

用于帮助企业内部快速扫描log4j2的jndi漏洞的burp插件

A tool that scans archives to check for vulnerable log4j versions

慕课网 首页 实战 路径 猿问 手记 登录 注册 11.11 Python 手记 \ 史上最全，最详idea搭建springdata+mongoDB+maven+springmvc 史上最全，最详idea搭建springdata+mongoDB+maven+springmvc 原创 2016-10-21 10:54:297759浏览2评论 作为IT届的小弟，本篇作为本人的第一篇手记，还希望各位大牛多多指点，以下均为个人学习所得，如有错误，敬请指正。本着服务IT小白的原则，该手记比较详细。由于最近使用postgre开发大型项目，发现了关系型数据库的弊端及查询效率之慢，苦心钻研之下，对nosql的mongoDB从无知到有了初步了解。 项目环境：win10+IntelliJ IDEA2016+maven3.3.9+MongoDB 3.2+JDK1.7+spring4.1.7 推荐网站（适合学习各种知识的基础）：http://www.runoob.com/ mongo安装请参考http://www.runoob.com/mongodb/mongodb-window-install.html 由于最近osChina的maven仓库挂掉，推荐大家使用阿里的镜像，速度快的飞起 maven配置：<localRepository>F:\.m2\repository</localRepository> <mirrors> <mirror> <id>alimaven</id> <name>aliyun maven</name> <url>http://maven.aliyun.com/nexus/content/groups/public/</url> <mirrorOf>central</mirrorOf> </mirror> </mirrors> 这里不实用idea自带maven插件，改用3.3.9 图片描述 项目结构：图片描述 这里dao与mongoDao分别为mongoDB的两种查询方式： dao为JPA的查询方式（请参考springdataJPA） mongoDao使用mongoTemplate，类似于关系型数据库使用的jdbcTemplate 不罗嗦，上代码 先看配置文件 spring-context.xm为最基本的spring配置 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> <!--扫描service包嗲所有使用注解的类型--> <context:component-scan base-package="com.lida.mongo"/> <!-- 导入mongodb的配置文件 --> <import resource="spring-mongo.xml" /> <!-- 开启注解 --> <context:annotation-config /> </beans> spring-web.xml为springmvc的基本配置 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd"> <!--配置springmvc--> <!--1.开启springmvc注解模式--> <!--简化配置： (1)主动注册DefaultAnnotationHandlerMapping,AnnotationMethodHandlerAdapter (2)提供一系列功能：数据绑定，数字和日期的format @NumberFormt @DataTimeFormat，xml json默认的读写支持--> <mvc:annotation-driven/> <!--servlet-mapping--> <!--2静态资源默认的servlet配置，（1）允许对静态资源的处理：js，gif （2）允许使用“/”做整体映射--> <!-- 容器默认的DefaultServletHandler处理 所有静态内容与无RequestMapping处理的URL--> <mvc:default-servlet-handler/> <!--3:配置jsp 显示viewResolver--> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/> <property name="prefix" value="/WEB-INF/views/"/> <property name="suffix" value=".jsp"/> </bean> <!-- 4自动扫描且只扫描@Controller --> <context:component-scan base-package="com.lida.mongo.controller" /> <!-- 定义无需Controller的url<->view直接映射 --> <mvc:view-controller path="/" view-name="redirect:/goMongo/list"/> </beans> spring-mongo.xml为mongo配置 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mongo="http://www.springframework.org/schema/data/mongo" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/data/mongo http://www.springframework.org/schema/data/mongo/spring-mongo.xsd"> <!-- 加载mongodb的属性配置文件 --> <context:property-placeholder location="classpath:mongo.properties" /> <!-- spring连接mongodb数据库的配置 --> <mongo:mongo-client replica-set="${mongo.hostport}" id="mongo"> <mongo:client-options connections-per-host="${mongo.connectionsPerHost}" threads-allowed-to-block-for-connection-multiplier="${mongo.threadsAllowedToBlockForConnectionMultiplier}" connect-timeout="${mongo.connectTimeout}" max-wait-time="${mongo.maxWaitTime}" socket-timeout="${mongo.socketTimeout}"/> </mongo:mongo-client> <!-- mongo的工厂，通过它来取得mongo实例,dbname为mongodb的数据库名，没有的话会自动创建 --> <mongo:db-factory id="mongoDbFactory" dbname="mongoLida" mongo-ref="mongo" /> <!-- 只要使用这个调用相应的方法操作 --> <bean id="mongoTemplate" class="org.springframework.data.mongodb.core.MongoTemplate"> <constructor-arg name="mongoDbFactory" ref="mongoDbFactory" /> </bean> <!-- mongodb bean的仓库目录，会自动扫描扩展了MongoRepository接口的接口进行注入 --> <mongo:repositories base-package="com.lida.mongo" /> </beans> mongo.properties #mongoDB连接配置 mongo.hostport=127.0.0.1:27017 mongo.connectionsPerHost=8 mongo.threadsAllowedToBlockForConnectionMultiplier=4 #连接超时时间 mongo.connectTimeout=1000 #等待时间 mongo.maxWaitTime=1500 #Socket超时时间 mongo.socketTimeout=1500 pom.xml <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.liad</groupId> <artifactId>mongo</artifactId> <packaging>war</packaging> <version>1.0-SNAPSHOT</version> <name>mongo Maven Webapp</name> <url>http://maven.apache.org</url> <dependencies> <!--使用junit4，注解的方式测试--> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.11</version> <scope>test</scope> </dependency> <!--日志--> <!--日志 slf4j,log4j,logback,common-logging--> <!--slf4j是规范/接口--> <!--log4j,logback,common-logging是日志实现 本项目使用slf4j + logback --> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>1.7.12</version> </dependency> <!--实现slf4j并整合--> <dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-core</artifactId> <version>1.1.1</version> </dependency> <dependency> <groupId>ch.qos.logback</groupId> <artifactId>logback-classic</artifactId> <version>1.1.1</version> </dependency> <!--数据库相关--> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.22</version> <!--maven工作范围 驱动在真正工作的时候使用，故生命周期改为runtime--> <scope>runtime</scope> </dependency> <!--servlet web相关--> <dependency> <groupId>taglibs</groupId> <artifactId>standard</artifactId> <version>1.1.2</version> </dependency> <dependency> <groupId>jstl</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>2.5.4</version> </dependency> <!--spring--> <!--spring核心--> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-beans</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>4.1.7.RELEASE</version> </dependency> <!--spring dao--> <dependency> <groupId>org.springframework.data</groupId> <artifactId>spring-data-mongodb</artifactId> <version>1.8.0.RELEASE</version> </dependency> <dependency> <groupId>org.mongodb</groupId> <artifactId>mongo-java-driver</artifactId> <version>3.2.2</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-tx</artifactId> <version>4.1.7.RELEASE</version> </dependency> <!--spring web--> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>4.1.7.RELEASE</version> </dependency> <!--spring test--> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <version>4.1.7.RELEASE</version> </dependency> <dependency> <groupId>commons-collections</groupId> <artifactId>commons-collections</artifactId> <version>3.2.2</version> </dependency> <dependency> <groupId>commons-fileupload</groupId> <artifactId>commons-fileupload</artifactId> <version>1.3.2</version> </dependency> <dependency> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> <version>1.10</version> </dependency> </dependencies> <dependencyManagement> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-framework-bom</artifactId> <version>${spring.version}</version> <type>pom</type> <scope>import</scope> </dependency> <dependency> <groupId>net.sf.ehcache</groupId> <artifactId>ehcache-core</artifactId> <version>2.6.9</version> </dependency> </dependencies> </dependencyManagement> <build> <finalName>mongo</finalName> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> <source>1.6</source> <target>1.6</target> </configuration> </plugin> </plugins> </build> </project> 两个实体类： /** * Created by DuLida on 2016/10/20. */ public class Address { private String city; private String street; private int num; public Address() { } public Address(String city, String street, int num) { this.city = city; this.street = street; this.num = num; } public String getCity() { return city; } public void setCity(String city) { this.city = city; } public String getStreet() { return street; } public void setStreet(String street) { this.street = street; } public int getNum() { return num; } public void setNum(int num) { this.num = num; } @Override public String toString() { return "Address{" + "city='" + city + '\'' + ", street='" + street + '\'' + ", num=" + num + '}'; } } /** * Created by DuLida on 2016/10/20. */ @Document(collection="person") public class Person implements Serializable { @Id private ObjectId id; private String name; private int age; private Address address; public Person() { } public Person( String name, int age, Address address) { this.name = name; this.age = age; this.address = address; } public ObjectId getId() { return id; } public void setId(ObjectId id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; } public int getAge() { return age; } public void setAge(int age) { this.age = age; } public Address getAddress() { return address; } public void setAddress(Address address) { this.address = address; } @Override public String toString() { return "Person{" + "id=" + id + ", name='" + name + '\'' + ", age=" + age + ", address=" + address + '}'; } } JPA的dao，注意这里只要继承MongoRepository不用写注解spring就能认识这是个Repository，MongoRepository提供了基本的增删改查，不用实现便可直接调用，例如testMongo的personDao.save(persons); public interface PersonDao extends MongoRepository<Person, ObjectId> { @Query(value = "{'age' : {'$gte' : ?0, '$lte' : ?1}, 'name':?2 }",fields="{ 'name' : 1, 'age' : 1}") List<Person> findByAge(int age1, int age2, String name); } mongoTemplate的dao /** * Created by DuLida on 2016/10/21. */ public interface PersonMongoDao { List<Person> findAll(); void insertPerson(Person user); void removePerson(String userName); void updatePerson(); List<Person> findForRequery(String userName); } @Repository("personMongoImpl") public class PersonMongoImpl implements PersonMongoDao { @Resource private MongoTemplate mongoTemplate; @Override public List<Person> findAll() { return mongoTemplate.findAll(Person.class,"person"); } @Override public void insertPerson(Person person) { mongoTemplate.insert(person,"person"); } @Override public void removePerson(String userName) { mongoTemplate.remove(Query.query(Criteria.where("name").is(userName)),"person"); } @Override public void updatePerson() { mongoTemplate.updateMulti(Query.query(Criteria.where("age").gt(3).lte(5)), Update.update("age",3),"person"); } @Override public List<Person> findForRequery(String userName) { return mongoTemplate.find(Query.query(Criteria.where("name").is(userName)),Person.class); } } JPA查询的测试类： /** * Created by DuLida on 2016/10/20. */ @RunWith(SpringJUnit4ClassRunner.class) //告诉junit spring配置文件 @ContextConfiguration({"classpath:spring/spring-context.xml","classpath:spring/spring-mongo.xml"}) public class PersonDaoTest { @Resource private PersonDao personDao; /*先往数据库中插入10个person*/ @Test public void testMongo() { List<Person> persons = new ArrayList<Person>(); for (int i = 0; i < 10; i++) { persons.add(new Person("name"+i,i,new Address("石家庄","裕华路",i))); } personDao.save(persons); } @Test public void findMongo() { System.out.println(personDao.findByAge(2,8,"name6")); } } mongoTemplate查询的测试类 /** * Created by DuLida on 2016/10/21. */ @RunWith(SpringJUnit4ClassRunner.class) //告诉junit spring配置文件 @ContextConfiguration({"classpath:spring/spring-context.xml","classpath:spring/spring-mongo.xml"}) public class MongoTemplateTest { @Resource private PersonMongoImpl personMongo; @Test public void testMongoTemplate() { //personMongo.insertPerson(new Person("wukong",24,new Address("石家庄","鑫达路",20))); //personMongo.removePerson("name3"); //personMongo.updatePerson(); //System.out.println(personMongo.findAll()); System.out.println(personMongo.findForRequery("wukong")); } } 注意测试前请先通过testMongo()向数据库中插入数据。 项目源码Git地址，仅供学习使用：https://github.com/dreamSmile/mongo.git 参考资料http://docs.spring.io/spring-data/mongodb/docs/current/reference/html/ 本文原创发布于慕课网 ，转载请注明出处，谢谢合作！ 相关标签：JAVAMongoDB 时间丶思考 天才小驴 你好小Song 陈词滥调1 4 人推荐 收藏 相关阅读 JAVA第三季1-9（模拟借书系统）作业 用pkp类，players类，playgame类三步教你写扑克牌游戏 Java入门第三季习题，简易扑克牌游戏 java学习第二季哒哒租车系统 Java入门第二季第六章练习题 请登录后，发表评论 评论（Enter+Ctrl） 全部评论2条 你好小Song2F 多数据源如何配置, 比如多个mongodb数据库再加mysql 1天前回复赞同0 时间丶思考 回复 你好小Song： 41分钟前 就在加一个datasource就行啊，原来mysql的datasource怎么加，现在就怎么加上就行，加上直接用。 回复 你好小Song1F 参考一下, 学习了. 2天前回复赞同0 时间丶思考 JAVA开发工程师 情劫难逃。 3篇手记 3推荐 作者的热门手记 神奇的Canvas贝塞尔曲线画心，程序员的表白 1021浏览18推荐3评论 深入探究setTimeout 和setInterval 44浏览1推荐0评论 网站首页企业合作人才招聘联系我们合作专区关于我们讲师招募常见问题意见反馈友情链接 Copyright © 2016 imooc.com All Rights Reserved | 京ICP备 13046642号-2

Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228

Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability pre and post auth.

Log4j 漏洞本地检测脚本。 Scan all java processes on your host to check whether it's affected by log4j2 remote code execution vulnerability (CVE-2021-45046)

Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.

log4j2内网扫描

Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains.

Scan systems and docker images for potential log4j vulnerabilities. Able to patch (remove JndiLookup.class) from layered archives. Will detect in-depth (layered archives jar/zip/tar/war and scans for vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105). Binaries for Windows, Linux and OsX, but can be build on each platform supported by supported Golang.

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

log4j2 RCE漏洞（CVE-2021-44228)内网扫描器，可用于在不出网的条件下进行漏洞扫描，帮助企业内部快速发现Log4jShell漏洞。

Log4j2 RCE Passive Scanner plugin for BurpSuite

Scan and patch tool for CVE-2021-44228 and related log4j concerns.

Log4j2 RCE Passive Scanner for BurpSuite

对接JNDIMonitor的Burp Suite被动扫描插件

Multithreaded log4j vulnerability scanner using only bash! Tests all JNDI protocols, HTTP GET/POST, and 84 headers.

No description available

This is an automated script to scan for Log4J vulnerabilities. This is based off of the Datto script.

A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.

使用浏览器爬虫获取网站全链接扫描log4j2漏洞 / Use a browser crawler to get the full link of the website and scan the log4j2 vulnerability

Log4j漏洞（CVE-2021-44228）的Burpsuite检测插件

log4j2 rce漏洞扫描器